https://bugzilla.wikimedia.org/show_bug.cgi?id=27261
Summary: Disable passing query strings through Special:Random Product: MediaWiki Version: 1.17 Platform: All OS/Version: All Status: NEW Severity: normal Priority: Normal Component: Special pages AssignedTo: wikibugs-l@lists.wikimedia.org ReportedBy: etd...@gmail.com 1.17 has a new feature that allows tacking a query string onto the usual Special:Random syntax, resulting in loading an URL that combines the randomly-selected page name and the query string. This feature is not at all well thought-out; it can be used to construct an auto-vandalism URL to post anywhere you like on the Web, resulting in distributed mass-vandalism. Likewise a smart vandal can copy-and paste a handcrafted URL many times to vandalize many pages quickly. There are other bad things you can automate with this as well. I'm not going to post an example URL here, but any developer should feel free to mail me if you want one. Please disable this. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l